Re: Don't use S-boxes!

From: karl malbrain (karl_m_at_acm.org)
Date: 11/29/04


Date: 29 Nov 2004 11:41:30 -0800

BRG <brg@nowhere.org> wrote in message news:<41a24168$0$70761$ed2619ec@ptn-nntp-reader01.plus.net>...
> karl_m@acm.org wrote:
> > BRG wrote:
> >
> >
> >>My published AES code can be configured to use tables from 256 bytes
> >>upwards - that is 256 bytes for encrypt and 256 bytes for decrypt.
> >>
> >>256 byte tables are very slow but 1024 byte tables provide good
> >>performance with greater resistance to this sort of timing attack.
> >
> >
> > Do you have the necessary RDTSC instrumentation in place to produce
> > cycles-per-byte figures? On the insistence of Professor Wagner, I
> > recently added these to the REFERENCE IMPLEMENTATION I maintain at
> > www.geocities.com/malbrain/aestable.html
> > Feel free to lift the relevant sections if you need them.
>
> In short, yes, I produce cycles/byte figures using a standard timing
> harness that uses the RDTSC on the x86.

What STANDARD DEVIATION do you obtain for a few independent calls?

> My timing code is available on my site but, more recently, Christophe
> Devine and I developed the AES timing code that he has made available here:
>
> http://www.cr0.net:8040/code/crypto/aesbench.tgz

Yes, I've downloaded and configured your implementation. karl m


